Inside Security (May 14th, 2018)

Hackers targeted the Danish national train system over the weekend, according to this report. It was a DDoS attack, and customers couldn’t use the online ticketing service during the incident. Also, the restaurant chain Chili’s was breached, and its notification about the incident, which happened in March and April, is here. Credit card data may have been stolen. Although it disclosed quickly, the chain didn’t say which stores were affected or how many customer records might have been compromised. The beat goes on….

-- David Strom, editor of Inside Security

Last week, the Talos Security group published a detailed analysis paper on wiper-based malware, which includes ransomware and other attacks that destroy your files. Some wipers destroy the system code but not your data, while others target just data. The report shows the composition of the malware payload, how it moves about your network, and some sample timelines of previous attacks. Well worth reading.

Security researchers are reporting that seven malicious Android apps, which they had previously detected and reported to Google, have slipped back into the Play Store after changing their names. All of these apps have a built-in wait time of four hours before starting their actual malicious activity, and they use another app as the launcher icon to better hide from detection. – SYMANTEC

Facebook says it has suspended around 200 apps for potentially misusing people’s data, following an audit that was prompted by the Cambridge Analytica scandal. The social networking company will examine these apps further to determine whether any data was misused, and they will then be either reinstated or banned. – FACEBOOK NEWS

SafeBreach announced a $15M series B round led by Draper Nexus. The Silicon Valley-based firm sells hacking simulation tools and its CEO is Guy Bejerano.

PhishLabs has raised a $20.5M round and has acquired its Canadian competitor BrandProtect. It is based in Charleston, SC and its CEO is Tony Prince.

Protego has raised a $2M seed round from Ron Gula and other investors. The Baltimore-based startup is putting together a security tool for serverless networks. Tsion Gonen is its CEO.

ERP Maestro has raised a $12M funding round, led by Aspen Capital. The Weston, Florida-based firm sells SAP-based access controls and its CEO is Jody Paterson.

Red Points has raised a $12M series B funding round led by Eight Roads Ventures. It is based in Barcelona and sells a machine-learning network protection tool. Its CEO is Laura Urquitzu.

A new malware campaign is infecting users through an extension called Nigelthorn that was distributed in the Google Chrome store (since removed). It can use a fake YouTube page to play a video. It runs on both Windows and Linux Chrome browsers and bypasses Google security checks. About 25,000 end users have been infected so far, and the malware is spread through Facebook networks. It steals data and sets up cryptominers. – RADWARE BLOG

The Zeus banking Trojan Panda is back and still primarily focused on financial services organizations. The campaigns are after Facebook and Twitter users and have control servers based in Russia and China. – F5 BLOG

Scammers designed a phishing website and encrypted it with AES in their attempts to steal unsuspecting users’ Apple IDs. The phish is designed to mimic Apple notifications, requiring victims to update their payment data. When you click on the “unlock account now” link, you are directed to a page that collects your private data. – TREND MICRO BLOG

Security researchers have discovered a severe vulnerability in the popular end-to-end encrypted Signal messaging app for Windows and Linux desktops. The bug could allow remote attackers to execute malicious code on a recipient’s system just by sending a message, without requiring any user interaction. It has been fixed with this update and users are urged to download the new code. Alfredo Ortega announced a proof-of-concept last week. – THE HACKER NEWS

James Robinson, 32, is an Akron man who was arrested and charged in federal court for launching denial of service attacks that shut down websites for the city of Akron and the Akron Police Department. The attacks happened last August and shuttered sites for a week. – FBI WEBSITE

A low-volume data-stealing campaign named Vega Stealer has the potential to get much bigger, according to researchers. It has begun targeting retail and manufacturing companies and tries to obtain credit card data and other private information. – PROOFPOINT BLOG